ISC CAP Practice Test - Questions Answers, Page 16

Which of the following is NOT an objective of the security program?

A. Security plan
B. Security education
C. Security organization
D. Information classification
Suggested answer: A

Which of the following is NOT a responsibility of a data owner?

A. Maintaining and protecting data
B. Ensuring that the necessary security controls are in place
C. Delegating responsibility for the day-to-day maintenance of the data protection mechanisms to the data custodian
D. Approving access requests
Suggested answer: A

Walter is the project manager of a large construction project. He will be working with several vendors on the project, who will provide materials and labor for several parts of it. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and for his own project team. Stakeholders have added new requirements, which have introduced new risks into the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor, has updated the risk register, and has created potential risk responses to mitigate the risk. Considering this risk event, what else should Walter update?

A. Project communications plan
B. Project management plan
C. Project contractual relationship with the vendor
D. Project scope statement
Suggested answer: B

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.

A. Race conditions
B. Social engineering
C. Information system architectures
D. Buffer overflows
E. Kernel flaws
F. Trojan horses
G. File and directory permissions
Suggested answer: A, B, D, E, F, G

Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

A. Mitigation
B. Acceptance
C. Transference
D. Avoidance
Suggested answer: A

Which of the following methods of authentication uses fingerprints to identify users?

A. PKI
B. Mutual authentication
C. Biometrics
D. Kerberos
Suggested answer: C

In which of the following Risk Management Framework (RMF) phases is strategic risk assessment planning performed?

A. Phase 0
B. Phase 1
C. Phase 2
D. Phase 3
Suggested answer: A

Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry?

A. Segregation of duties
B. Separation of duties
C. Need to know
D. Due care
Suggested answer: D

Which of the following is a security policy implemented by an organization due to compliance, regulation, or other legal requirements?

A. Advisory policy
B. Informative policy
C. System security policy
D. Regulatory policy
Suggested answer: D

Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?

A. Phase 1
B. Phase 4
C. Phase 3
D. Phase 2
Suggested answer: C
Total 395 questions